How to replace Privacy Shield with Standard Contractual Clauses (SCC)?

October 8, 2020 in Resources



How to replace Privacy Shield with Standard Contractual Clauses (SCC)?

Since it’s no longer recognized by the European Commission, it’s time to replace Privacy Shield with Standard Contractual Clauses. But first, let’s get some context.

Back in 2016, the European Commission adopted the EU-U.S. Privacy Shield as an approved mechanism for the transfer of personal data between the EU and U.S. in a way that was compliant with GDPR.

The purpose of Privacy Shield was to allow US based companies to send data between the US and the EU.

Why is Privacy Shield no longer recognized?

The short answer is that Privacy Shield did not offer the same amount of protection as the GDPR, and the Court of Justice of the European Union (CJEU) decided that the Privacy Shield was essentially “putting lipstick on a pig” making “transfers on the basis of this legal framework now illegal”.

Considering the Privacy Shield is a US standard that is no longer recognized in the middle of a political election, it is unlikely that a new standard will be voted in 2020. For the 5000+ companies who were following the Privacy Shield, this means looking for an alternative.

What are the alternatives to the Privacy Shield?

There is one alternative to the Privacy Shield that remains valid, called Standard Contractual Clauses or SCC. Yet another acronym everyone will have to become familiar with.

The European Commision made the SCC available on their website and must be completed by both the importer of data and the exporter. The contracts include obligations on behalf of both parties and sets out rights for the individuals’ whose personal data is being transferred.

It is important to note that the clauses can not be amended from the European Commission wording, however, you are allowed to include additional business-related clauses to the agreement.

How to replace Privacy Shield with Standard Contractual Clauses?

The easiest way is to download the agreement directly from the European Commission website based on whether you are a controller or a processor and customize it with your company’s information.

Signing one more agreement with all of your customers can be a burden for your legal team. To simplify the process of sharing your new SCC with your customers, you can leverage Pima to allow them to sign it without having to bother your legal department. See how Customer.io is using Pima to share Standard Contractual Clauses with their customers.